blob: 8ba2dfb6bc4e9c41c57935d8462ec5df6123f3dc [file] [log] [blame]
module: github.com/hybridgroup/gobot
package: github.com/hybridgroup/gobot/platforms/mqtt
versions:
- fixed: v1.12.1-0.20190521122906-c1aa4f867846
description: |
TLS certificate verification is skipped when connecting to a MQTT server.
This allows an attacker who can MITM the connection to read, or forge,
messages passed between the client and server.
published: 2021-04-14T12:00:00Z
cve: CVE-2019-12496
symbols:
- Adaptor.newTLSConfig
links:
commit: https://github.com/hybridgroup/gobot/commit/c1aa4f867846da4669ecf3bc3318bd96b7ee6f3f
context:
- https://github.com/hybridgroup/gobot/releases/tag/v1.13.0